What is Password Sniffing?
Password sniffing is a technique for harvesting passwords by monitoring traffic on a network and pulling out the credentials it carries. Software to do this automatically is available from several companies, and people can also do it manually or write their own software for a specific purpose. While not always malicious in intent, it can be a security threat, and there are steps that can be taken to protect a network from sniffing.
Programs or devices can be used to follow the traffic that moves across a network. They examine individual packets of data to pull out the ones that look interesting, including data that contains passwords. Sometimes passwords travel in plain text rather than encrypted, making it easy for the password sniffer to identify them and match them with user names. In other cases, a decryption program may be needed to pull passwords out of a data stream.
Any time a password is sent across a network, it is vulnerable to sniffing. People using remote access to reach a computer must enter passwords, as do people accessing various network assets like printers, in some cases. Computer users also enter passwords online to do everything from checking email to logging on to a social networking account. All of these activities generate network traffic that can be vulnerable to sniffing.
People who engage in password sniffing usually collect passwords, generating a long list of known user names and passwords for future use. Hackers, crackers, and other people interested in exploiting a system can sniff for passwords that might allow them to take over and access sensitive material. People can also use passwords to steal someone's personal information. With this information in hand, it's possible to take over accounts and assume a person's identity or create a snarled mess that will take time to unravel.
Some malware and spyware come with applications that sniff for passwords. These programs harvest data and transmit it, in addition to infecting other computers in a network.
Network administrators, especially on large networks, use a variety of techniques to combat password sniffing. These can range from requiring all users to install and use software that scans for viruses, malware, and other software exploits to limiting certain kinds of activity on a network in order to make it less vulnerable to attack. On public networks, like those found at colleges and libraries, exploits can be a big problem as a single user with an infected computer can endanger the whole network.
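The plain-text case described above, seen from the administrator's side: this added example (not part of the original article) scans already-captured, reassembled client payloads from a network you run for logins sent unencrypted, and reports the server, port and user name without ever storing the password. The sample streams, addresses and account names are constructed.

```python
import base64
import re

# Constructed sample: client-to-server payloads keyed by (server, port).
SAMPLE_STREAMS = [
    (("10.0.0.5", 21), b"USER alice\r\nPASS hunter2\r\n"),
    (("10.0.0.7", 110), b"USER bob\r\nPASS s3cret\r\nSTAT\r\n"),
    (("10.0.0.9", 80), b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                       b"Authorization: Basic "
                       + base64.b64encode(b"carol:pw123") + b"\r\n\r\n"),
    # First bytes of an encrypted (TLS) session: nothing readable inside.
    (("10.0.0.9", 443), b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
]

# USER/PASS command pair as used by plain-text FTP and POP3 logins.
USER_PASS = re.compile(rb"^USER ([^\r\n]+)\r?\nPASS [^\r\n]+", re.M | re.I)
# HTTP Basic authentication header (base64 is an encoding, not encryption).
BASIC = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.M | re.I)


def find_cleartext_logins(streams):
    """Return one finding per login that crossed the network unencrypted."""
    findings = []
    for (server, port), payload in streams:
        for m in USER_PASS.finditer(payload):
            findings.append({"server": server, "port": port,
                             "kind": "USER/PASS command pair",
                             "user": m.group(1).decode("ascii", "replace")})
        for m in BASIC.finditer(payload):
            try:
                decoded = base64.b64decode(m.group(1), validate=True)
            except ValueError:
                continue  # not valid base64, so not a Basic credential
            # Keep only the user name; the password part is discarded.
            user = decoded.split(b":", 1)[0].decode("ascii", "replace")
            findings.append({"server": server, "port": port,
                             "kind": "HTTP Basic header", "user": user})
    return findings


if __name__ == "__main__":
    for f in find_cleartext_logins(SAMPLE_STREAMS):
        print(f"{f['server']}:{f['port']}  {f['kind']}  user={f['user']}")
```

Each finding points at a service that should be moved to an encrypted protocol; the encrypted session in the sample produces no finding because its contents are unreadable.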
@popcorn - So very true -- it's easy for a person to sit in a public area and just collect passwords with a password sniffer program! My college had this happen more than once. The students from the Information Tech department collected passwords of everyone using the college's computer cafe to make the point that the college needs much better password and network security. Everybody flipped out a bit, but they made a good point: if they could do that, then anybody could. At least they only did it to make their point instead of to sell collected passwords.
Does anyone know how you can tell if someone is using a password sniffing program nearby?
I often access my various accounts from computers in a public area and worry about how secure they are.
I would prefer not to use the public computers but sometimes I don't have any choice.
Is there any kind of software you could carry with you on a portable USB flash drive that could scan the computer for password sniffing threats?
I already run free online virus scanners on public computers as I find a lot of these computers have out-of-date software or, in some cases, none at all.
If you are a fan of sitting in public cafes that offer free WiFi and playing on your computer, make sure you are using some sort of encryption and security when sending passwords. My personal rule of thumb is not to do anything on a public WiFi network that I wouldn't want anyone having access to.
A person who has a password sniffing program on their computer can easily sit in a public space collecting passwords from the network with ease. These programs are fairly simple to use, so I think it is best to not expose yourself and private information to open networks.